authorGiuseppe Scrivano <gscrivan@redhat.com>2019-05-16 16:31:08 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2019-05-16 16:31:21 +0200
commit8b344065d2b9cc8c98b7b841d5d6845aca2f0ac3 (patch)
treed57fcce168591327a37500c3cc13a3e0bc9294f5
parent4b480240573be4cd8fe04505b6a435a6aa454f86 (diff)
unshare: define CONTAINERS_GRAPHROOT and CONTAINERS_RUNROOT
Define two environment variables that simplify the task of cleaning up the storage, as we can do something like:

    podman unshare sh -c 'rm -rf $CONTAINERS_GRAPHROOT $CONTAINERS_RUNROOT'

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r--cmd/podman/unshare.go42
-rw-r--r--docs/podman-unshare.1.md7
2 files changed, 39 insertions, 10 deletions
diff --git a/cmd/podman/unshare.go b/cmd/podman/unshare.go
index b9ae8dd6b..4a4e371db 100644
--- a/cmd/podman/unshare.go
+++ b/cmd/podman/unshare.go
@@ -3,9 +3,13 @@
package main
import (
+ "fmt"
"os"
"os/exec"
+ "github.com/containers/libpod/cmd/podman/cliconfig"
+ "github.com/containers/libpod/cmd/podman/libpodruntime"
+ "github.com/containers/libpod/libpod"
"github.com/containers/libpod/pkg/rootless"
"github.com/pkg/errors"
"github.com/spf13/cobra"
@@ -17,39 +21,59 @@ var (
Use: "unshare [flags] [COMMAND [ARG]]",
Short: "Run a command in a modified user namespace",
Long: unshareDescription,
- RunE: unshareCmd,
+ RunE: func(cmd *cobra.Command, args []string) error {
+ unshareCommand.InputArgs = args
+ unshareCommand.GlobalFlags = MainGlobalOpts
+ return unshareCmd(&unshareCommand)
+ },
Example: `podman unshare id
podman unshare cat /proc/self/uid_map,
podman unshare podman-script.sh`,
}
+ unshareCommand cliconfig.PodmanCommand
)
func init() {
- _unshareCommand.SetUsageTemplate(UsageTemplate())
+ unshareCommand.Command = _unshareCommand
+ unshareCommand.SetHelpTemplate(HelpTemplate())
+ unshareCommand.SetUsageTemplate(UsageTemplate())
flags := _unshareCommand.Flags()
flags.SetInterspersed(false)
}
-func unshareEnv() []string {
- return append(os.Environ(), "_CONTAINERS_USERNS_CONFIGURED=done")
+func unshareEnv(config *libpod.RuntimeConfig) []string {
+ return append(os.Environ(), "_CONTAINERS_USERNS_CONFIGURED=done",
+ fmt.Sprintf("CONTAINERS_GRAPHROOT=%s", config.StorageConfig.GraphRoot),
+ fmt.Sprintf("CONTAINERS_RUNROOT=%s", config.StorageConfig.RunRoot))
}
// unshareCmd execs whatever using the ID mappings that we want to use for ourselves
-func unshareCmd(c *cobra.Command, args []string) error {
+func unshareCmd(c *cliconfig.PodmanCommand) error {
+
if isRootless := rootless.IsRootless(); !isRootless {
return errors.Errorf("please use unshare with rootless")
}
// exec the specified command, if there is one
- if len(args) < 1 {
+ if len(c.InputArgs) < 1 {
// try to exec the shell, if one's set
shell, shellSet := os.LookupEnv("SHELL")
if !shellSet {
return errors.Errorf("no command specified and no $SHELL specified")
}
- args = []string{shell}
+ c.InputArgs = []string{shell}
+ }
+
+ runtime, err := libpodruntime.GetRuntime(getContext(), c)
+ if err != nil {
+ return err
}
- cmd := exec.Command(args[0], args[1:]...)
- cmd.Env = unshareEnv()
+ runtimeConfig, err := runtime.GetConfig()
+ if err != nil {
+ return err
+ }
+
+ cmd := exec.Command(c.InputArgs[0], c.InputArgs[1:]...)
+ cmd.Env = unshareEnv(runtimeConfig)
cmd.Stdin = os.Stdin
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
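Review bot: `unshareEnv` exports `config.StorageConfig.GraphRoot` and `config.StorageConfig.RunRoot` without checking them, although the commit message's intended use is to pass them to `rm -rf` inside the user namespace. Whether `runtime.GetConfig()` can return an empty or relative root is not visible in this hunk, but if it can, a cleanup script would act on nothing or on a path relative to the current directory. Consider failing in `unshareCmd` before the exec, for example `if !filepath.IsAbs(runtimeConfig.StorageConfig.GraphRoot) || !filepath.IsAbs(runtimeConfig.StorageConfig.RunRoot) { return errors.Errorf("storage roots must be absolute paths") }` (this needs `path/filepath`). The two bare `return err` lines after `GetRuntime` and `GetConfig` would also be easier to diagnose if wrapped with `errors.Wrapf`. The body of `unshareCmd` continues past the end of the hunk.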
diff --git a/docs/podman-unshare.1.md b/docs/podman-unshare.1.md
index a7f018ce1..a10fb40f9 100644
--- a/docs/podman-unshare.1.md
+++ b/docs/podman-unshare.1.md
@@ -19,6 +19,11 @@ manually clearing storage and other data related to images and containers.
It is also useful if you want to use the `podman mount` command. If an unprivileged users wants to mount and work with a container, then they need to execute
podman unshare. Executing `podman mount` fails for unprivileged users unless the user is running inside a `podman unshare` session.
+The unshare session defines two environment variables:
+
+**CONTAINERS_GRAPHROOT** the path to the persistent containers data.
+**CONTAINERS_RUNROOT** the path to the volatile containers data.
+
## EXAMPLE
```
@@ -34,4 +39,4 @@ $ podman unshare cat /proc/self/uid_map /proc/self/gid_map
## SEE ALSO
-podman(1), podman-mount(1), namespaces(7), newuidmap(1), newgidmap(1), user\_namespaces(7) \ No newline at end of file
+podman(1), podman-mount(1), namespaces(7), newuidmap(1), newgidmap(1), user\_namespaces(7)